Friday, November 4, 2020

Did you ever get to experience the blue light special?  The blue light special was Kmart’s tactic for putting items on sale and bringing in more sales.  Unfortunately, Kmart began to struggle and sales diminished.  This weeks cyber attack of the week is Kmart, who found themselves a victim of a ransomware attack.  

Kmart’s Background

The first Kmart store opened up in 1962.  Since then, they grew to a major retail store who could compete with other large corporations such as Walmart and Target.  Eventually, their huge success came to a halt.  In 2002, Kmart filed for bankruptcy.  Bankruptcy and dwindling profits forced Kmart to close over 300 stores nationwide.  The trend continued as each year reported less sales.  In 2018, Kmart filed for bankruptcy again and continued to close stores.


The Attack and Damages

Just recently, the struggling company found themselves victim to a ransomware attack.  Egregor, one of the most aggressive forms of ransomware, encrypted some of Kmart’s devices and servers andcompletely disabled them for use.  Kmart’s online stores remain open to use; although, the attack disabled their internal site, 

In addition, Egregor doesn’t just leave assets unavailable, this type of ransomware steals any unencrypted data before doing its dirty work.  With their breached data, the attackers now have more leverage against their victim.  If the victim doesn’t pay the ransom, the attacker threatens to leak the stolen data.

This leaves Kmart in a very vulnerable position.  Their internal site is now unavailable and now the attackers might possess sensitive information that can lead to even further damage to the struggling company.


Preventing Future Attacks

Any company for that matter, including Kmart, can follow some good practices to prevent becoming a victim of a similar attack.  Firstly, ensure that all sensitive data is encrypted.  If not, that data can be scrounged up by Egregor and then potentially leaked or used as leverage for the attacker.